TCP connection trace commands

R (Reason)

Reason why the TCP connection was disconnected:

·     PN—The peer device was normally shut down.

·     RR—The local device received an RST packet.

·     SR—The local device sent an unsolicited RST packet.

·     AN—The application using the TCP connection was normally closed.

·     AA—The application using the TCP connection was abnormally closed.

·     KT—The keepalive probing timed out.

·     PT—The persist timer expired.

·     RT—The retransmission timed out.

·     BD—Invalid NSR standby MPU.

Local Addr

Local IPv4 address.

LAddr

Local IPv6 address.

port

Port number.

Foreign Addr

Peer IPv4 address.

FAddr

Peer IPv6 address.

VPN name

Name of the VPN instance to which the TCP connection belongs. This field displays N/A if the TCP connection is on the public network

Time

Time when the TCP connection was disconnected.

MDC ID

ID of the MDC. The value is 1 if the TCP connection is in the default MDC.

Jul 5 09:37:58:917 2019

Time when the display tcp trace cache-packet ip command was executed.

VPN name

Name of the VPN instance to which the TCP connection belongs. This field displays N/A if the TCP connection is on the public network.

Connection

Source IP address, source port number, destination IP address, and destination port number in the TCP connection.

Reason

Reason why the TCP connection was disconnected:

·     received reset—The local device received an RST packet.

·     sent reset—The local device sent an unsolicited RST packet.

·     peer normal close—The peer device was normally shut down.

·     application normal close—The application using the TCP connection was normally closed on the local device.

·     application abnormal close—The application using the TCP connection was abnormally closed on the local device.

·     keepalive timeout—The keepalive probing timed out.

·     persist timeout—The persist timer expired.

·     retransmit timeout—The retransmission timed out.

·     backup drop—Invalid NSR standby MPU.

sndmax/localackmax/scale/mss

Packet sending information:

·     sndmax—Increment of the send sequence number, which is calculated by using the following formula: sequence number in the last sent packet - initial sequence number.

·     localackmax—Increment of the sequence number in the ACK packet for the locally sent packet, which is calculated by using following formula: sequence number in the last received ACK packet - sequence number in the initial ACK packet.

·     scale—TCP window size scale factor.

·     mss—Maximum segment size in sent packets.

rcvmax/peerackmax/scale/mss

Packed receiving information:

·     rcvmax—Increment of the receive sequence number, which is calculated by using the following formula: sequence number in the last received packet - initial sequence number.

·     peerackmax—Increment of the sequence number in the ACK packet for the packet received on the local device, which is calculated by using the following formula: sequence number in the last sent ACK packet - sequence number in the initial ACK packet.

·     scale—TCP window size scale factor.

·     mss—Maximum segment size in received packets.

iss

Sequence number in the SYN packet when the TCP connection was established.

irs

Sequence number in the ACK packet when the TCP connection was established.

in x (drop x)

Number of received packets. The value in parentheses (()) indicates the number of dropped packets.

out

Number of packets that have been sent.

retrans

Number of packets that have been retransmitted.

connection time

Time when the connection was established.

(1)

Display number of the packet information.

Jul 6 09:37:58:917 2019

Packet exchange time.

In

Incoming TCP packet.

Out

Outgoing TCP packet.

RS

Retransmitted TCP packet.

seq

Send sequence number. The value in parentheses (()) indicates the relative send sequence number, which is calculated by using the following formula: send sequence number - initial send sequence number.

ack

Acknowledgment number. The value in parentheses (()) indicates the relative receive sequence number, which is calculated by using the following formula: receive sequence number - initial receive sequence number.

data

Data length in the TCP packet.

NSR

Validity state of NSR:

·     valid.

·     invalid.

CLOSED

NSR state of the TCP connection:

·     CLOSED—Closed (initial) state.

·     CLOSING—The connection is to be closed.

·     ENABLED—The connection backup is enabled.

·     OPEN—The connection synchronization has started.

·     PENDING—The connection backup is not ready.

·     READY—The connection backup is ready.

·     SMOOTH—The connection data is being smoothed.

flag

TCP flag:

·     FIN—Terminates the connection.

·     SYN—Establishes the connection.

·     RST—Resets the connection.

·     PSH—Notifies the receiver to immediately process the data.

·     ACK—Acknowledges the receipt of data.

·     URG—Notifies the receiver to first process the urgent data.

status

TCP connection state:

·     CLOSED—The server receives a disconnection request's reply from the client.

·     LISTEN—The server is waiting for connection requests.

·     SYN_SENT—The client is waiting for the server to reply to the connection request.

·     SYN_RCVD—The server receives a connection request.

·     ESTABLISHED—The server and client have established connections and can transmit data bidirectionally.

·     CLOSE_WAIT—The server receives a disconnection request from the client.

·     FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request.

·     CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other.

·     LAST_ACK—The server is waiting for the client to reply to a disconnection request.

·     FIN_WAIT_2—The client receives a disconnection reply from the server.

·     TIME_WAIT—The client receives a disconnection request from the server.

win

TCP window size

csum

Checksum in the TCP packet header.

ID

16-bit identification in the IP packet header.

ipcsum

Checksum in the IP packet header.

iss/sndcc/unack/next/max/wnd

Packet sending information:

·     iss—Initial send sequence number.

·     sndcc—Number of bytes in the send buffer.

·     unack—Sequence number in the first data packet that has been sent but not acknowledged minus the initial sequence number.

·     next—Sequence number in the next packet to be sent minus the initial sequence number.

·     max—Send maximum sequence number minus the initial sequence number.

·     wnd—TCP send window size.

irs/rcvcc/undeliver/next/adv/wnd

Packet receiving information:

·     irs—Initial receive sequence number.

·     rcvcc—Number of bytes in the receive buffer.

·     undeliver—Sequence number in the received data packet that has been not been delivered minus the initial receive sequence number.

·     next—Sequence number in the next expected packet.

·     adv—Sequence number in the sliding window advertisement packet minus the initial sequence number.

·     wnd—TCP receive window size.

socket state

Socket state:

·     NOFDREF—The user has closed the connection.

·     ISCONNECTED—The connection has been established.

·     ISCONNECTING—The connection is being established.

·     ISDISCONNECTING—The connection is being interrupted.

·     ASYNC—Asynchronous mode.

·     ISDISCONNECTED—The connection has been terminated.

·     PROTOREF—Indicates strong protocol reference.

·     N/A—None of above state.

socket options

Socket options:

·     SO_DEBUG—Records socket debugging information.

·     SO_ACCEPTCONN—Enables the server to listen connection requests.

·     SO_REUSEADDR—Allows the local address reuse.

·     SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive.

·     SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network.

·     SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer.

·     SO_OOBINLINE—Stores the out-of-band data in the input queue.

·     SO_REUSEPORT—Allows the local port reuse.

·     SO_TIMESTAMP—Records the timestamps of the incoming packets, accurate to milliseconds. This option is applicable to protocols that are not connection orientated.

·     SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs.

·     SO_FILTER—Supports setting the packet filter criterion. This option takes effect on the incoming packets.

·     SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds.

·     N/A—No options are set.

inpcb flags

Flags in the Internet PCB:

·     INP_RECVOPTS—Receives IP options.

·     INP_RECVRETOPTS—Receives replied IP options.

·     INP_RECVDSTADDR—Receives destination IP address.

·     INP_HDRINCL—Provides the entire IP header.

·     INP_REUSEADDR—Reuses the IP address.

·     INP_REUSEPORT—Reuses the port number.

·     INP_ANONPORT—Port number not specified.

·     INP_RECVIF—Records the input interface of the packet.

·     INP_DONTFRAG—Sets the Don't Fragment flag.

·     INP_PROTOCOL_PACKET—Identifies a protocol packet.

·     INP_RCVMACADDR—Receives the MAC address of the frame.

·     INP_SNDBYLSPV—Sends through MPLS.

·     INP_USEICMPSRC—Uses the user-defined source IP address of ICMP messages as the source address.

·     INP_SYNCPCB—Waits until Internet PCB is synchronized.

·     N/A—None of the above flags.

inpcb extflag

Extension flags in the Internet PCB:

·     INP_EXTRCVPVCIDX—Records the PVC index of the received packet.

·     INP_RCVPWID—Records the PW ID of the received packet.

·     INP_EXTDONTDROP—Does not drop the received packet.

·     N/A—None of the above flags.

TCP options

TCP options:

·     TF_MD5SIG—Enables MD5 signature.

·     TF_NODELAY—Disables the Nagle algorithm that buffers the sent data inside the TCP.

·     TF_NOOPT—No TCP options.

·     TF_NOPUSH—Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers.

·     TF_BINDFOREIGNADDR—Binds the peer IP address.

·     TF_NSR—Enables TCP NSR.

·     TF_REQ_SCALE—Enables the TCP window scale option.

·     TF_REQ_TSTMP—Enables the timestamp option.

·     TF_SACK_PERMIT—Enables the TCP selective acknowledgement option.

·     TF_ENHANCED_AUTH—Enables the enhanced authentication option.

recv delayack

This value is calculated by using the sequence number of the next expected packet on the MPU minus the initial receive sequence number.

time start/offset/nsroffset/send//start/lastrcv/tsrecent/tsrecentage

Time values:

·     time start—Time when the TCP connection was established, in jiffies.

·     offset—Timestamp minus the time (in jiffies) when SYN cookie was enabled.

·     nsroffset—NSR backup time for the TCP connection on the active MPU minus the NSR backup time on the standby MPU, in jiffies. This value is recorded on the standby MPU.

·     send—Timestamp when most recent TCP packet was sent.

·     start—Time in the kernel, in jiffies.

·     lastrcv—Time when most recent TCP packet was received, in jiffies.

·     tsrecent—Timestamp when most recent packet was received from the peer device.

·     tsrecentage—Time when most recent packet with the timestamp option was received, in jiffies.

rexmt shift/ current/seq rtt/srtt/var/ low/min/best/updatetimes

Retransmission and round-trip time parameters:

·     rexmt shift—Packet retransmission times.

·     current—Retransmission interval.

·     seq—Start sequence number in the first retransmission in the round.

·     rtt—Last recent round-trip time.

·     srtt—Round-trip time after the smoothing.

·     var—Value of the round-trip time variable.

·     low—History minimum round-trip time.

·     min—Allowed minimum round-trip time.

·     best—Predicted best round-trip time.

·     updatetimes—Update times of the round-trip time.

MDC ID

ID of the MDC. The value is 1 if the TCP connection is in the default MDC.

Jul 5 09:37:58:917 2019

Time when the display tcp trace cache-packet ipv6 command was executed.

VPN name

Name of the VPN instance to which the TCP connection belongs. This field displays N/A if the TCP connection is on the public network.

Connection

Source IPv6 address, source port number, destination IPv6 address, and destination port number in the IPv6 TCP connection.

Reason

Reason why the TCP connection was disconnected:

·     received reset—The local device received an RST packet.

·     sent reset—The local device sent an unsolicited RST packet.

·     peer normal close—The peer device was normally shut down.

·     application normal close—The application using the TCP connection was normally closed on the local device.

·     application abnormal close—The application using the TCP connection was abnormally closed on the local device .

·     keepalive timeout—The keepalive probing timed out.

·     persist timeout—The persist timer expired.

·     retransmit timeout—The retransmission timed out.

·     backup drop—Invalid NSR standby MPU.

sndmax/localackmax/scale/mss

Packet sending information:

·     sndmax—Increment of the send sequence number, which is calculated by using the following formula: sequence number in the last sent packet - initial sequence number.

·     localackmax—Increment of the sequence number in the ACK packet for the locally sent packet, which is calculated by using following formula: sequence number in the last received ACK packet - sequence number in the initial ACK packet.

·     scale—TCP window size scale factor.

·     mss—Maximum segment size in sent packets.

rcvmax/peerackmax/scale/mss

Packed receiving information:

·     rcvmax—Increment of the receive sequence number, which is calculated by using the following formula:
Sequence number in the last received packet - Initial sequence number.

·     peerackmax—Increment of the sequence number in the ACK packet for the packet received on the local device, which is calculated by using the following formula: sequence number in the last sent ACK packet - sequence number in the initial ACK packet.

·     scale—TCP window size scale factor.

·     mss—Maximum segment size in received packets.

iss

Sequence number in the SYN packet when the IPv6 TCP connection was established.

irs

Sequence number in the ACK packet when the IPv6 TCP connection was established.

in x (drop x)

Number of received IPv6 packets. The value in parentheses (()) indicates the number of dropped IPv6 packets.

out

Number of IPv6 packets that have been sent.

retrans

Number of IPv6 packets that have been retransmitted.

connection time

Time when the TCP connection was established.

(1)

Display number of the packet information.

Jul 6 09:37:58:917 2019

Packet exchange time.

In

Incoming IPv6 TCP packet.

Out

Outgoing IPv6 TCP packet.

RS

Retransmitted IPv6 TCP packet.

seq

Send sequence number. The value in parentheses (()) indicates the relative send sequence number, which is  calculated by using the following formula: send sequence number - initial send sequence number.

ack

Acknowledgment number. The value in parentheses (()) indicates the relative receive sequence number, which is  calculated by using the following formula: receive sequence number - initial receive sequence number.

data

Data length in the IPv6 TCP packet.

NSR

Validity state of NSR:

·     valid.

·     invalid.

CLOSED

NSR state of the TCP connection. Values include:

·     CLOSED—Closed (initial) state.

·     CLOSING—The connection is to be closed.

·     ENABLED—The backup is enabled.

·     OPEN—The connection synchronization has started.

·     PENDING—The connection backup is not ready.

·     READY—The connection backup is ready.

·     SMOOTH—The connection data is being smoothed.

flag

TCP flag:

·     FIN—Terminates the connection.

·     SYN—Establishes the connection.

·     RST—Resets the connection.

·     PSH—Notifies the receiver to immediately process the data instead of buffering it.

·     ACK—Acknowledges the receipt of data.

·     URG—Notifies the receiver to first process the urgent data.

status

TCP connection state:

·     CLOSED—The server receives a disconnection request's reply from the client.

·     LISTEN—The server is waiting for connection requests.

·     SYN_SENT—The client is waiting for the server to reply to the connection request.

·     SYN_RCVD—The server receives a connection request.

·     ESTABLISHED—The server and client have established connections and can transmit data bidirectionally.

·     CLOSE_WAIT—The server receives a disconnection request from the client.

·     FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request.

·     CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other.

·     LAST_ACK—The server is waiting for the client to reply to a disconnection request.

·     FIN_WAIT_2—The client receives a disconnection reply from the server.

·     TIME_WAIT—The client receives a disconnection request from the server.

win

IPv6 TCP window size

csum

Checksum in the IPv6 TCP extension header

iss/sndcc/unack/next/max/wnd

Packet sending information:

·     iss—Initial send sequence number.

·     sndcc—Number of bytes in the send buffer.

·     unack—Sequence number in the first data packet that has been sent but not acknowledged minus the initial sequence number.

·     next—Sequence number in the next packet to be sent minus the initial sequence number.

·     max—Send maximum sequence number minus the initial sequence number.

·     wnd—TCP send window size.

·     wnd—IPv6 TCP send window size.

irs/rcvcc/undeliver/next/adv/wnd

Packet receiving information:

·     irs—Initial receive sequence number.

·     rcvcc—Number of bytes in the receive buffer.

·     undeliver—Sequence number in the received data packet that has been not been delivered minus the initial receive sequence number.

·     next—Sequence number of the next expected packet.

·     adv—Advertised sequence number of the sliding window minus the initial sequence number.

·     wnd—IPv6 TCP receive window size.

socket state

Socket state:

·     NOFDREF—The user has closed the connection.

·     ISCONNECTED—The connection has been established.

·     ISCONNECTING—The connection is being established.

·     ISDISCONNECTING—The connection is being interrupted.

·     ASYNC—Asynchronous mode.

·     ISDISCONNECTED—The connection has been terminated.

·     PROTOREF—Indicates strong protocol reference.

·     N/A—None of above state.

socket options

Socket options:

·     SO_DEBUG—Records socket debugging information.

·     SO_ACCEPTCONN—Enables the server to listen connection requests.

·     SO_REUSEADDR—Allows the local address reuse.

·     SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive.

·     SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network.

·     SO_BROADCAST—Supports broadcast packets.

·     SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer.

·     SO_OOBINLINE—Stores the out-of-band data in the input queue.

·     SO_REUSEPORT—Allows the local port reuse.

·     SO_TIMESTAMP—Records the timestamps of the incoming packets, accurate to milliseconds. This option is applicable to protocols that are not connection orientated.

·     SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs.

·     SO_FILTER—Supports setting the packet filter criterion. This option takes effect on the incoming packets.

·     SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds.

·     N/A—No options are set.

inpcb flags

Flags in the Internet PCB:

·     INP_RECVOPTS—Receives IPv6 options.

·     INP_RECVRETOPTS—Receives replied IPv6 options.

·     INP_RECVDSTADDR—Receives destination IPv6 address.

·     INP_HDRINCL—Provides the entire IPv6 header.

·     INP_REUSEADDR—Reuses the IPv6 address.

·     INP_REUSEPORT—Reuses the port number.

·     INP_ANONPORT—Port number not specified.

·     INP_PROTOCOL_PACKET—Identifies a protocol packet.

·     IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack.

·     IN6P_PKTINFO—Receives the source IPv6 address and input interface of the packet.

·     IN6P_HOPLIMIT—Receives the hop limit.

·     IN6P_HOPOPTS—Receives the hop-by-hop options extension header.

·     IN6P_DSTOPTS—Receives the destination options extension header.

·     IN6P_RTHDR—Receives the routing extension header.

·     IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header.

·     IN6P_TCLASS—Receives the traffic class of the packet.

·     IN6P_AUTOFLOWLABEL—Attaches a flow label automatically.

·     IN6P_RFC2292—Uses the API specified in RFC 2292.

·     IN6P_MTU—Discovers differences in the MTU size of every link along a given data path. TCP does not support this flag.

·     INP_RCVMACADDR—Receives the MAC address of the frame.

·     INP_USEICMPSRC—Uses the user-defined source IP address of ICMP messages as the source address.

·     INP_SYNCPCB—Waits until Internet PCB is synchronized.

·     N/A—None of the above flags.

inpcb extflag

Extension flags in the Internet PCB:

·     INP_EXTRCVPVCIDX—Records the PVC index of the received packet.

·     INP_RCVPWID—Records the PW ID of the received packet.

·     INP_EXTDONTDROP—Does not drop the received packet.

·     INP_EXLISTEN—Listens to the socket.

·     N/A—None of the above flags.

TCP options

TCP options:

·     TF_MD5SIG—Enables MD5 signature.

·     TF_NODELAY—Disables the Nagle algorithm that buffers the sent data inside the TCP.

·     TF_NOOPT—No TCP options.

·     TF_NOPUSH—Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers.

·     TF_BINDFOREIGNADDR—Binds the peer IP address.

·     TF_NSR—Enables TCP NSR.

·     TF_REQ_SCALE—Enables the TCP window scale option.

·     TF_REQ_TSTMP—Enables the timestamp option.

·     TF_SACK_PERMIT—Enables the TCP selective acknowledgement option.

·     TF_ENHANCED_AUTH—Enables the enhanced authentication option.

recv delayack

This value is calculated by using the sequence number of the next expected packet on the MPU minus the initial receive sequence number.

time start/offset/nsroffset/send/start/lastrcv/tsrecent/tsrecentage

Time values:

·     time start—Time when the TCP connection was established, in jiffies.

·     offset—Timestamp minus the time (in jiffies) when SYN cookie was enabled.

·     nsroffset—NSR backup time for the TCP connection on the active MPU minus the NSR backup time on the standby MPU, in jiffies. This value is recorded on the standby MPU.

·     send—Timestamp when most recent TCP packet was sent.

·     start—Time in the kernel, in jiffies.

·     lastrcv—Time when most recent TCP packet was received, in jiffies.

·     tsrecent—Timestamp when most recent packet was received from the peer device.

·     tsrecentage—Time when most recent packet with the timestamp option was received, in jiffies.

rexmt shift/current/seq /rtt/srtt/var/low/min/best/updatetimes

Retransmission and round-trip time parameters:

·     rexmt shift—Packet retransmission times.

·     current—Retransmission interval.

·     seq—Start sequence number in the first retransmission in the round.

·     rtt—Last recent round-trip time.

·     srtt—Round-trip time after the smoothing.

·     var—Value of the round-trip time variable.

·     low—History minimum round-trip time.

·     min—Allowed minimum round-trip time.

·     best—Predicted best round-trip time.

·     updatetimes—Update times of the round-trip time.

Trace rules

TCP connection trace rules:

·     All—Traces all TCP connections.

·     Only-new-connection—Traces only new connections that are established after you enable TCP connection trace.

·     IPv4 ACL—Traces the TCP connections that match the specified IPv4 ACL.

·     IPv6 ACL—Traces the TCP connections that match the specified IPv6 ACL.

Value All is exclusive with other values (Only-new-connection, IPv4 ACL, and IPv6 ACL). Values Only-new-connection, IPv4 ACL, and IPv6 ACL can be displayed at the same time.

Max packets number per connection

Maximum number of data packets that can be traced per TCP connection.

Memory quota

Memory quota for recording TCP packet information, in MB.

Persist status

Whether the TCP connection trace configuration is saved into the database file:

·     Persist—The TCP connection trace configuration is saved into the database file.

·     Non-persist—The TCP connection trace configuration is not saved into the database file.

Cache-mode

Type of disconnected TCP connections that the TCP connection trace feature records:

·     All—Records information about all disconnected TCP connections.

·     Abnormal-close—Records information about only abnormally closed TCP connections.

State

Enabling status of TCP connection trace:

·     Enabled.

·     Disabled.

Tracing connections

Total number of connected TCP connections that are being traced.

Caching disconnected connections

Total number of disconnected TCP connections that have been recorded.

Disconnected connections

Total number of disconnected TCP connections that are being traced.

Received reset

Total number of TCP connections that were disconnected because the device received RST packets.

Sent reset

Total number of TCP connections that were disconnected because the device sent unsolicited RST packets.

Peer normal close

Total number of TCP connections that were disconnected because the peer device has been normally shut down.

Application normal close

Total number of TCP connections that were disconnected because the applications using these connections on the local device have been normally closed.

Application abnormal close

Total number of TCP connections that were disconnected because the applications using these connections on the local device have been abnormally closed.

Keepalive timeout

Total number of TCP connections that were disconnected because the keepalive probing timed out.

Persist timeout

Total number of TCP connections that were disconnected because the persist timer expired.

Retransmit timeout

Total number of TCP connections that were disconnected because the retransmission timed out.

Backup drop

Total number of TCP connections that were disconnected because of the invalid NSR standby MPU.